/* ===================

AX2E (AXESCON XACML 2.0 Engine) is the Java authorization engine, which implements OASIS XACML 2.0 standard.
Copyright (C) 2007 AXESCON LLC

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA


Contact: AXESCON LLC - info{at}axescon.com

 =================== */
/*
 * @(#)OrderedPermitOverridesRuleAlg.java
 *
 * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistribution of source code must retain the above copyright notice,
 *      this list of conditions and the following disclaimer.
 * 
 *   2. Redistribution in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * This software is provided "AS IS," without a warranty of any kind. ALL
 * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
 * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
 * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
 * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
 * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
 * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
 * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
 * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
 * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that this software is not designed or intended for use in
 * the design, construction, operation or maintenance of any nuclear facility.
 */

package axescon.xacml.samples.customalg;

import axescon.xacml.api.CtxHandler;
import axescon.xacml.api.XacmlException;
import axescon.xacml.api.alg.RuleCombAlg;
import axescon.xacml.engine.PolicyEvaluatorImpl;
import axescon.xacml.model.ctx.Result;
import axescon.xacml.model.ctx.XacmlCtx;
import axescon.xacml.model.ctx.impl.ResultImpl;
import axescon.xacml.model.policy.Rule;
import axescon.xacml.model.policy.RuleCombinerParameters;
import axescon.xacml.model.shared.Decision;


/**
 * @author argyn
 *         Date: Jun 27, 2005
 *         Time: 11:09:19 PM
 *         Responsibilities: demonstrates custom Rule combining algorithm.
 *          This algorithm requires at least two rules permit to give permission,
 * otherwise the decision is Deny.
 */
public class TwoPermitsRequiredRuleAlg implements RuleCombAlg {

    public TwoPermitsRequiredRuleAlg() {
    }

    public Result combine(Rule[] rules, XacmlCtx req, CtxHandler ch,
                                         RuleCombinerParameters[] params, PolicyEvaluatorImpl pdp)
            throws XacmlException {
        boolean atLeastOnePermit = false;
        Result indeterminateResult = null;
        Result denyResult = null;

        for (int i = 0; i < rules.length; i++) {
            Rule rule = rules[i];
            Result result = pdp.getRuleEvaluator().eval(rule, ch, req);
            byte decision = result.getDecision();

            if (decision == Decision.BYTE_DENY) {
                denyResult = result;
                break;
            }
            if (decision == Decision.BYTE_PERMIT) {
                if(atLeastOnePermit) return result;
                atLeastOnePermit = true;
                continue;
            }

            if (decision == Decision.BYTE_NOT_APPLICABLE) {
                continue;
            }

            if (decision == Decision.BYTE_INDETERMINATE) {
                indeterminateResult = result;
                break;
            }
        }

        Result ret = new ResultImpl();
        ret.setDecision(Decision.BYTE_DENY);
        ret.setResourceId(ch.getResourceId(req));
        return ret;
    }

}
